Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Anti-virus firms are warning computer users about a new malicious program that attempts to hide on victims computers by taking advantage of maligned DRM (digital rights management) technology from Sony BMG.

Symantec Corp., Sophos PLC and Bit Defender, part of Romanian company SOFTWIN, all issued alerts about Trojan horse programs that can become completely invisible on Windows systems with the Sony DRM technology installed.

The program, which goes by the name "Backdoor.IRC.Snyd.A" and "Backdoor.Ryknos," was discovered on Wednesday and is considered a low threat.

However, the appearance of malicious software that takes advantage of a cloaking feature in technology developed by Sony by UK firm First 4 Internet Ltd. makes good on the dire predictions of security researchers, who speculated that hackers could use the "rootkit" style DRM technology to hide their own malicious programs.

Sony did not respond to requests for comment in time for this article.

Sonys rights management technology—called "sterile burning"—were shipped on CDs by around 20 Sony BMG artists along with a custom media player that must be used to play and make a limited number of copies of the CD on a Windows PC.

Using code written by First 4 Internet, the DRM technology manipulates the Windows core processing center, or "kernel," to make it almost totally undetectable on Windows systems and nearly impossible to remove without fouling Windows, much like malicious programs known as "rootkits."

Sonys efforts to hide the anti-piracy programs erupted into a controversy last week, after Windows expert Mark Russinovich discovered the cloaked software on his own computer and published a detailed analysis of it on his blog at Sysinternals.com.

Russinovichs analysis of First 4 Internets code showed that the rootkit programs hid any file with a name that began with the characters $sys$, rather than looking for and hiding the specific files used by the media player for copyright enforcement.

At the time, he speculated that others who gained access to Windows systems with the sterile burning technology on it could also hide their programs simply by assigning them names that began with $sys$.

The new Trojan program does just that, copying itself from an e-mail attachment to a file called $sys$drv.exe, according to the BitDefender Web site.

The Trojan program has remote control "bot" features that allow the infected system to be controlled by a remote attacker using IRC (Internet Relay Chat) communications, Symantec Corp. said in a statement.

Sophos researchers have received a number of copies of the program attached to e-mails from what is believed to be a spam campaign, said Graham Cluley, a senior technology consultant at Sophos.

However, it is unclear how many copies of the sterile burning technology have been installed, and users who have installed it would have a hard time finding it on Windows without advanced knowledge of the operating systems and diagnostic tools, Russinovich and others have noted.

Consumers in California filed a class action lawsuit on Nov. 1 to stop Sony from distributing the CDs, and seeking monetary damages for consumers who already purchased CDs with the sterile burning technology on it, according to a published report.

Security companies are taking different approaches in dealing with the DRM feature. Symantec has labeled the First 4 Internet DRM features a "security risk" and points customers to a software update on Sony BMGs Web site to remove the stealth features.

Earlier in the week, Computer Associates International Inc. said that their security programs would label the First 4 Internet programs a "rootkit." Sophos will release an update Thursday that will detect the First 4 Internet program and allow users to disable it and the Sony media player, Cluley said.

"I think people would rather lose out on listening to Celine Dion on their PC than have the security vulnerability," Cluley said.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.